Windows 10 to include built-in two-factor authentication

Alexey Zhukov

07:56, October 23, 2014

We've looked at the two public builds of the Windows 10 Technical Preview -- the initial, disappointing, embryonic build 9841, and the very slightly less disappointing build 9860 -- but of course the best is still to come. There are many features we expect to find their way into the final build, such as Cortana, and there are sure to be many surprises. One interesting inclusion is built-in two-factor authentication.

The presence of this valuable security feature is revealed by Jim Alkove in a post on the Windows blog in which he talks about the importance of identity protection and general security. He explains that Windows 10 will start to move users away from single factor authentication -- the humble password -- in favor of more secure options.

He is talking specifically about built-in two-factor authentication. This is something that will be of particular interest to business and enterprise customers, but is also of great value to the average consumer. Alkove explains how a cell phone could be used as a login tool:

Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as fingerprint. From a security standpoint, this means that an attacker would need to have a user’s physical device – in addition to the means to use the user’s credential – which would require access to the users PIN or biometric information. Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign-in into all of their PC’s, networks, and web services as long as their mobile phone is nearby.

New user credential authentication will be supported by Active Directory, Azure Active Directory, and Microsoft Accounts as standard. Microsoft is keen to move people away from old-fashioned passwords. With other new features such as data loss prevention (DLP) to contain and protect business-related data, and an increased reliance on app signing, Windows 10 is shaping up to be Microsoft's most secure operating system yet.